Skip to main content

Security experts just found two giant smartphone privacy issues

The Apple iPhone 15 Pro Max's camera module.
Apple iPhone 15 Pro Max Andy Boxall / Digital Trends

This has been quite a stunning week in regard to the privacy and security of smartphone users. Specifically, two investigations have revealed troubling privacy concerns around smartphone advertising and iOS’ notification system.

The first, a deep investigation by 404 Media, uncovered a company called Patternz is weaponizing the ad delivery system on smartphones to extract information through apps and then send it to bidders.

The report described Patternz as “a secretive spy tool that can track billions of phone profiles through the advertising industry.” Patternz uses a pipeline in popular apps like 9Gag and a bunch of popular caller ID apps to do its nefarious jobs. Patternz reportedly told its clients that it can monitor virtually any app that is capable of running ads.

The company’s CEO says once the tool, which covers over half a million apps, is deployed, the phone turns into a “de facto tracking bracelet.” According to a damning research paper, it profiles over a staggering 5 billion users and hawks the information to clients using the real-time bidding (RTB) market. Whether you have an iPhone or an Android phone, this is something that can affect you.

ISA, the surveillance company behind Patternz, collects this data from RTB players like Google and X, formerly known as Twitter. The dataset it sells can include anything from a highly specific location of a person that’s accurate within meters to a history of their movement pattern and even who they are meeting.

A massive surveillance net

Illustration of people standing on a phone's screen
Generated using Dall-E 2 / Digital Trends

The very existence of such tools also brings into question the efficiency of Apple’s heavily marketed App Tracking Transparency feature, which aims to curtail such ad-enabled tracking.

Cybersecurity experts say such tools enable government surveillance, and the likes of ISA are already advertising their services to national security agencies. That’s no coincidence.

The head of the National Security Agency has acknowledged that the NSA purchases web-browsing data of Americans from data brokers, bypassing the need for warrants.

The bombshell confirmation came after Senator Ron Wyden (D-OR) put a hold on the nomination of the NSA’s incoming director, Timothy Haugh, and demanded answers about the agency’s practices in collecting Americans’ location and internet data.

Wyden, who has been attempting for three years to reveal that the NSA buys Americans’ internet records, received a letter on December 11 from current NSA Director Paul Nakasone confirming these purchases. Reuters first reported the letter’s details.

Notifications can be nefarious

Ivory app notification tab
Christine Romero-Chan / Digital Trends

But ads are just one-half of the problem. Another investigation by Mysk revealed that bad actors are exploiting the push notifications on iPhones to collect crucial data for diagnostics and customized data delivery.

Whenever an app gets a push notification, iOS briefly wakes it up, giving it a short window to personalize the notification before showing it to the user. Not shockingly, various social apps, infamous for their invasive data collection habits, are exploiting this background runtime provided by push notifications.

Developers can cleverly use this loophole to execute code in the background whenever they want, simply by sending push notifications. Numerous apps are using this function to covertly send comprehensive device data while operating in the background, effectively running a system for fingerprinting devices.

#Privacy: Facebook, TikTok, and Other Apps Use Push Notifications to Send Data about Your iPhone

“The frequency at which many apps send device information after being triggered by a notification is mind-blowing,” says the security firm. This investigation has unearthed suspicious behavior even from massively popular platforms such as Facebook, TikTok, and LinkedIn.

What do experts have to say?

Illustration of a woman looking through a phone
Generated using Dall-E 2 / Digital Trends

The only solution to this problem? Disabling notifications.

“More recently, adversaries look to be using notification pop-ups and ads that may induce the victim into installing spyware onto their devices,” Jon Clay, VP of Threat Intelligence at global cybersecurity firm Trend Micro, tells Digital Trends.

So, what can an average person do to avoid such illicit surveillance, which can transmit identifying details such as location and local data? “Many people have been led to believe mobile devices are secure by themselves,” Clay says, noting that installing ad-blockers may offer some form of safety net or dedicated security apps.

What happens on your iPhone does not stay on your iPhone.

“Attacks of this nature are quite insidious and extremely alarming,” says Alan Bavosa, vice president of security products at Appdome. He notes that users are typically in a defenseless position in the face of such attacks since they aren’t aware of what’s happening on their devices in the first place.

“There are small things that users can do not to make matters worse, like downloading apps from standard app stores and not changing (jailbreaking or rooting) their devices,” Bavosa tells us. “But these measures are additive, not curative.”

A person holding the Apple iPhone 15 Plus and Apple iPhone 15 Pro Max.
Apple iPhone 15 Pro Max (left) and Apple iPhone 15 Plus Andy Boxall / Digital Trends

Unfortunately, it seems the onus ultimately falls on the user, and that, too, is a preventive measure. A common suggestion from cybersecurity experts is to manually dig into the settings app and disable notification apps for certain apps and maybe to device sensors as well.

“Some Adware and Spyware may be published by bad actors in the official marketplaces under look of a legitimate app,” says Shawn Loveland, chief operating officer at Resecurity. “It is recommended not to install random apps or apps you don’t really need.”

Even though bad actors have found workarounds, asking apps not to track user activity on your iPhone is a prudent step. “It’s a good idea to periodically check the permissions of apps, particularly those related to location and microphone access, and to disable any that aren’t necessary,” suggests John Chapman, co-founder of security firm MSP Blueshift.

Some reprieve will arrive later this year as Apple prepares to ask developers to explicitly explain why they need to access push notifications and the related diagnostic systems on iPhones. It’s not going to fix all the problems in one go, but it’s at least a decent start.

Editors' Recommendations

Nadeem Sarwar
Nadeem is a tech journalist who started reading about cool smartphone tech out of curiosity and soon started writing…
iPhone Flip: what we know about Apple’s first foldable phone
Folding iPhone concept from iOS Beta News.

In the past few years, Samsung has become one of the leading manufacturers of foldable devices, including the Galaxy Z Fold 5 and Galaxy Z Flip 5. Though it's not the only brand making foldable devices, it offers the most mainstream and available options, especially in the U.S. That leads to the question of whether Apple will follow suit with a foldable iPhone — or even an iPad.

There have been long-standing rumors that Apple could be working on such a device, including a foldable iPhone, which we'll call "iPhone Flip" for now. Apple's a secretive company, so there may very well be at least some research and development taking place on such a device. But, of course, this continues to just be all speculation for now. From the latest news, rumors, and reports, here's everything we know so far about Apple's folding iPhone.
iPhone Flip: design and display

Read more
Nomad’s new iPhone accessory is unlike anything you’ve seen before
Personal taking iPhone 15 Pro out of pocket with Rustic Brown Nomad Magnetic Leather Back attached.

Well-known leather case maker Nomad has a pair of sleek and elegant iPhone cases ready to adorn your iPhone 15 Pro or iPhone 15 Pro Max in time for Valentine’s Day.

Known for its quality leather cases, Nomad has long been a favorite of those who want to dress up their iPhone with a bit of style, and its two latest accessories mark the return of a fan favorite — plus something entirely different and unquestionably cool. They're definitely the most stylish among the roster of the best iPhone 15 Pro cases. 
The Magnetic Leather Back is something else

Read more
I used to hate screen protectors, but this one changed my mind
A Zagg Glass XTR3 screen protector on an iPhone 15 Pro Max.

Like millions of others, I visit the Apple website every year and order a new iPhone. Once it arrives, I always have the same reaction when I see it for the first time: it's a shame that I have to cover this beautiful device with a case. And yet, that's the wise thing to do to protect my investment.

Although I always recognized the need for an iPhone case, I have never been a fan of screen protectors. That changed recently when I was introduced to the Zagg Glass XTR3 Protector for my iPhone 15 Pro Max. One of the best screen protectors on the market, the XTR3 offers several features missing on similar products. Those features and Zagg's comprehensive product guarantee have made me a screen protector believer. Depending on your needs, you might want to be, too.
I didn't used to be a screen protector person

Read more